Old 02-15-2007, 08:40 AM   #1 (permalink)
I helped the forums.
 
 
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


HJT Log - Can I remove the ones listed as file missing?

I just ran a HJT log as I've been having problems with my Outlook Express. It works fine for a few minutes, then it is non-responsive.

Can I remove the ones listed below that show files missing?

Any help would be awesome! :D

TIA

---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:32:55 AM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mnrcreations.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\Program Files\IETB\sh.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Internet-Based-Moms - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - C:\Program Files\IETB\ietoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disney.go.com/games/download...areControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images...ntUpload19.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
__________________
Thanks for all your help!!

Britt
rapada is offline  
Old 02-21-2007, 02:52 PM   #2 (permalink)
I helped the forums.
 
 
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


I posted this several days ago.. Is there a back up..

Can anyone answer my question puleeze :)
__________________
Thanks for all your help!!

Britt
rapada is offline  
Old 02-21-2007, 09:42 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista


Hello rapada,

Yes--we've been swamped here. Thanks for your patience.

Only some of those files are actually 'missing'--the other areas are just a weakness in HJT elucidating the files.

You can fix the following, although they would have no bearing on your Outlook Express issue:

Run a scan with HijackThis. 'Check' the following entries:

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


Click 'Fix Checked' and close HijackThis.

-------------------------------------------------------------

I'm not seeing any malware in this log. We'll run a few tools and see if anything is revealed.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

(Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe )

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
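
As an added illustration (not part of the thread and not HijackThis's own code), the Python below parses HijackThis log lines like those posted above and lists the entries flagged `(file missing)` or `(no file)`, tagging each with the form its target takes. The function names, the category labels and the idea that some forms deserve a manual check before fixing are assumptions of this example, following Ried's point that not every flag means the file is really absent.

```python
import re

# Excerpt of the HijackThis logs posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# "<section code> - <rest of line>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing flag the scanner appends when it could not find the target file.
MARKER_RE = re.compile(r"\((?P<marker>file missing|no file)\)\s*$")
# A CLSID field followed by the separator; the target is whatever comes after it.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\} - ")

# Assumed triage hints for this example; they are not HijackThis output.
HINTS = {
    "no-target": "entry records no file at all; nothing on disk to verify",
    "env-var": "path holds an unexpanded %VAR%; expand it and check by hand",
    "quoted-path": "path is wrapped in quotes; strip them and check by hand",
    "bare-name": "no directory given; result depends on which folders are searched",
    "literal-path": "full literal path; check that exact location on disk",
}


def parse_entry(line):
    """Split one log line into section code, target and missing-file marker."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process line or blank line
    body = m.group("body")
    marker = None
    flagged = MARKER_RE.search(body)
    if flagged:
        marker = flagged.group("marker")
        body = body[:flagged.start()]
    clsid = CLSID_RE.search(body)
    if clsid:
        # Anchor on the CLSID so a path containing " - " is not cut short.
        target = body[clsid.end():]
    elif " - " in body:
        target = body.rsplit(" - ", 1)[1]
    else:
        target = ""
    return {"code": m.group("code"), "target": target.strip(), "marker": marker}


def classify_target(target):
    """Describe the form of a flagged target (heuristic categories)."""
    if not target:
        return "no-target"
    if target.startswith('"') and target.endswith('"'):
        return "quoted-path"
    if re.search(r"%[^%\\]+%", target):
        return "env-var"
    if "\\" not in target and "/" not in target:
        return "bare-name"
    return "literal-path"


def triage(log_text):
    """Return the flagged entries of a log, each with a reason and a hint."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry["marker"] is None:
            continue
        reason = classify_target(entry["target"])
        rows.append({**entry, "reason": reason, "hint": HINTS[reason]})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(f'{row["code"]:<4}{row["reason"]:<13}{row["target"] or "-"}')
        print(f'    {row["hint"]}')
```
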
Old 02-22-2007, 01:18 PM   #4 (permalink)
I helped the forums.
 
 
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:21:55 AM 2/22/2007

+ Scan result:



C:\Program Files\180search assistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\instafink -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\powersearch -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\fwn toolbar -> Adware.ABXsearch : Cleaned with backup (quarantined).
C:\Program Files\altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\aprps -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\autoupdate -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\cxtpls -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\bullseye network -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\navisearch -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\tbonbin -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dinst.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dinst.exe\Readme.txt -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dsr.dll\Readme.txt -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\nail.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\nail.exe\Readme.txt -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\svcproc.exe\Readme.txt -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drpmon.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drpmon.dll\Readme.txt -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32 -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bde -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\Program Files\bcpc -> Adware.BroadcastPC : Cleaned with backup (quarantined).
C:\Program Files\buddylinks.net -> Adware.BuddyLinks : Cleaned with backup (quarantined).
C:\Program Files\cashback -> Adware.CashBack : Cleaned with backup (quarantined).
C:\Program Files\commonname -> Adware.CommonName : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adcache -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\Program Files\ezula -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\web offer -> Adware.eZula : Cleaned with backup (quarantined).
C:\WINDOWS\ilookup -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\ftapp -> Adware.FlashTrack : Cleaned with backup (quarantined).
C:\Program Files\fsw -> Adware.FreeScratchAndWin : Cleaned with backup (quarantined).
C:\Program Files\trustin contextual -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\incredifind -> Adware.Incredifind : Cleaned with backup (quarantined).
C:\Program Files\istbar -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\memorywatcher -> Adware.MemoryWatcher : Cleaned with backup (quarantined).
C:\Program Files\ebates_moemoneymaker -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\ebatesmoemoneymaker -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\newdotnet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\perfectnav -> Adware.PerfectNav : Cleaned with backup (quarantined).
C:\Program Files\psguard -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\Program Files\purityscan -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\regifast -> Adware.RegiFast : Cleaned with backup (quarantined).
C:\Program Files\rxtoolbar -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\whenusearch -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\sidefind -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\spyfalcon -> Adware.SpyFalcon : Cleaned with backup (quarantined).
C:\Program Files\spyonthis -> Adware.SpyOnThis : Cleaned with backup (quarantined).
C:\Program Files\spysheriff -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\Program Files\starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\surfaccuracy -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
C:\Program Files\surfsidekick 3 -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\toolbar888 -> Adware.ToolBar888 : Cleaned with backup (quarantined).
C:\Program Files\websearch -> Adware.TopMoxie : Cleaned with backup (quarantined).
C:\Program Files\trustin bar -> Adware.TrustCleaner : Cleaned with backup (quarantined).
C:\Program Files\trustin popups -> Adware.TrustCleaner : Cleaned with backup (quarantined).
C:\Program Files\trustin search -> Adware.TrustCleaner : Cleaned with backup (quarantined).
C:\Program Files\webhancer -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whinstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\clocksync -> Adware.WhenU : Cleaned with backup (quarantined).
C:\Program Files\winfixer 2005 -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\adstatus service -> Adware.WinTaskAd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mssearchnet.exe -> Hijacker.SpyAxe : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mssearchnet.exe\Readme.txt -> Hijacker.SpyAxe : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nvctrl.exe\Readme.txt -> Hijacker.SpyAxe : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\emedia codec -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\media-codec -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dfrgsrv.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dfrgsrv.exe\Readme.txt -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dxmpp.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dxmpp.dll\Readme.txt -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ginuerep.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ginuerep.dll\Readme.txt -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
__________________
Thanks for all your help!!

Britt
rapada is offline  
Old 02-22-2007, 01:19 PM   #5 (permalink)
I helped the forums.
 
 
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


Panda Results


Incident Status Location

Adware:adware/superspider Not disinfected c:\windows\system32\services
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt[.did-it.com/]
__________________
Thanks for all your help!!

Britt
rapada is offline  
Old 02-22-2007, 01:19 PM   #6 (permalink)
I helped the forums.
 
 
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


Logfile of HijackThis v1.99.1
Scan saved at 2:17:45 PM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mnrcreations.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\Program Files\IETB\sh.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Internet-Based-Moms - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - C:\Program Files\IETB\ietoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disney.go.com/games/download...areControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images...ntUpload19.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
__________________
Thanks for all your help!!

Britt
Old 02-22-2007, 01:21 PM   #7 (permalink)
I helped the forums.
 
rapada
 
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


I guess I did have some crap in this computer.. I was quite shocked to see it.

TIA :)
__________________
Thanks for all your help!!

Britt
Old 02-22-2007, 11:24 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista


My goodness--you have quite a collection there.

We need to look deeper here. Please copy these instructions to Notepad for reference.

***********************************************

Please download SmitfraudFix (by S!Ri) to your Desktop.

-------------------------------------------------------------
  1. Download ComboScan to your Desktop.
  2. Close all applications and windows.
  3. Double-click on comboscan.exe to run it, and follow the prompts.
  4. When the scan is complete, a text file will open - ComboScan.txt
  5. Copy and paste the contents of ComboScan.txt in your thread in the HijackThis Log Help forum.
  6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
  7. Please Attach the Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScan\Supplementary.txt
  3. Click Upload.
--------------------------------------------------------------------

Double-click smitfraudfix.exe to start the tool.
  • Select option #1 - Search by typing 1 and pressing "Enter"
  • A text file will appear which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

--------------------------------------------------------------------

Please include the following in your next reply:

SmitfraudFix report
ComboScan.txt
Attach the Supplementary.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-23-2007, 03:23 PM   #9 (permalink)
I helped the forums.
 
rapada
 
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


ComboScan v20070221.16 run by Owner on 2007-02-23 at 16:20:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Owner.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:21:00 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Documents and Settings\Owner\My Documents\My Downloads & Stuff\comboscan.exe
C:\HJT\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mnrcreations.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\Program Files\IETB\sh.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Internet-Based-Moms - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - C:\Program Files\IETB\ietoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disney.go.com/games/download...areControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images...ntUpload19.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


-- HijackThis Fixed Entries (C:\HJT\backups\) -----------------------------------

backup-20051105-211143-132 O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
backup-20051105-211143-214 O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\awvts.dll (file missing)
backup-20051109-151838-648 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
backup-20051109-151838-857 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
backup-20051109-151838-930 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
backup-20070204-170728-734 O4 - Startup: spamsubtract.lnk.disabled
backup-20070222-082402-162 O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
backup-20070222-082402-207 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R Afc (PPdus ASPI Shell) - C:\WINDOWS\system32\drivers\afc.sys
1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3S ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3S ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
2R F-Secure Filter (F-Secure File System Filter) - C:\Program Files\Shaw Secure\Anti-Virus\win2k\FSfilter.sys
2R F-Secure Gatekeeper - C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsgk.sys
2R F-Secure Recognizer (F-Secure File System Recognizer) - C:\Program Files\Shaw Secure\Anti-Virus\win2k\FSrec.sys
0R fasttx2k - C:\WINDOWS\system32\drivers\Fasttx2k.sys
0R FSFW (F-Secure Firewall Driver) - C:\WINDOWS\system32\drivers\fsdfw.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3S ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
3R ltmodem5 (Agere Modem Driver) - C:\WINDOWS\system32\drivers\ltmdmnt.sys
2R MASPINT - C:\WINDOWS\system32\drivers\MASPINT.SYS
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3R MxlW2k - C:\WINDOWS\system32\drivers\MxlW2k.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3R nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - C:\WINDOWS\system32\drivers\nvax.sys
2S nvcap (nVidia WDM Video Capture (universal)) - C:\WINDOWS\system32\drivers\nvcap.sys
3R NVENET (NVIDIA nForce MCP Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENET.sys
3R nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - C:\WINDOWS\system32\drivers\nvapu.sys
2S NVXBAR (nVidia WDM A/V Crossbar) - C:\WINDOWS\system32\drivers\nvxbar.sys
0R nv_agp (NVIDIA nForce AGP Bus Filter) - C:\WINDOWS\system32\drivers\nv_agp.SYS
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3R Point32 (Microsoft IntelliPoint Filter Driver) - C:\WINDOWS\system32\drivers\point32.sys
3R Ps2 - C:\WINDOWS\system32\drivers\PS2.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys
3S S3Psddr - C:\WINDOWS\system32\drivers\s3gnbm.sys
3S SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3R StillCam (Still Serial Digital Camera Driver) - C:\WINDOWS\system32\drivers\serscan.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SunkFilt (Alcor Micro Corp - 9360) - C:\WINDOWS\system32\drivers\Sunkfilt.sys
3S Sunkfiltp (HP && Alcor Micro Corp for Phison) - C:\WINDOWS\System32\Drivers\sunkfiltp.sys (not found)
3S SYMIDSCO - C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS (not found)
2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys
3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
3S viagfx - C:\WINDOWS\system32\drivers\vtmini.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S {6080A529-897E-4629-A488-ABA0C29B635E} (Intel(R) Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys
3S {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel(R) Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R BackWeb Plug-in - 3875767 (Shaw Secure) - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R F-Secure Gatekeeper Handler Starter (FSGKHS) - "C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe"
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S Fax - C:\WINDOWS\system32\fxssvc.exe
2R FSBWSYS - "C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe"
3R FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe"
3R fshttps (F-Secure HTTP Server) - "C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe"
2R FSMA (F-Secure Management Agent) - "C:\Program Files\Shaw Secure\Common\FSMA32.EXE"
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
3R iPodService - C:\Program Files\iPod\bin\iPodService.exe
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R NVSvc (NVIDIA Driver Helper Service) - C:\WINDOWS\System32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
3R Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
4S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{07E67AF9-F29E-4C46-A99E-83F064F16F92}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HP Status Server - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
3S HP Port Resolver - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE


-- Scheduled Tasks --------------------------------------------------------------

2007-02-23 16:17:00 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2007-02-22 17:04:41 544 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job<SCHEDU~1.JOB>


-- Files created between 2007-01-23 and 2007-02-23 ------------------------------

2007-02-22 08:16:21 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-21 15:57:58 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-02-21 15:57:10 0 d-------- C:\Documents and Settings\Owner\.housecall6.6<HOUSEC~1.6>
2007-02-13 11:04:48 0 d-------- C:\Program Files\Common Files\Skype
2007-02-08 19:36:20 0 d-------- C:\Program Files\Lavasoft
2007-02-04 13:52:43 33584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-02-04 13:52:43 70896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-02-04 13:52:33 1716224 --a------ C:\WINDOWS\system32\winsflte.dll
2007-02-04 13:52:33 1187840 --a------ C:\WINDOWS\system32\winsflt.dll
2007-02-04 13:52:33 1236992 --a------ C:\WINDOWS\system32\cfgmig32.dll
2007-02-04 13:52:33 0 d-------- C:\WINDOWS\rnapxs
2007-02-04 13:52:30 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-02-02 16:37:25 0 d-------- C:\Program Files\CCleaner
2007-01-29 10:07:07 0 d-------- C:\Documents and Settings\Owner\smilies
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-23 16:17:46 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-22 12:34:11 0 d-------- C:\Program Files\Multimedia Card Reader<MULTIM~1>
2007-02-22 12:31:28 0 d-------- C:\Program Files\Microsoft IntelliPoint<MIFB84~1>
2007-02-22 12:27:54 0 d-------- C:\Program Files\iTunes
2007-02-22 12:23:45 0 d-------- C:\Program Files\Google
2007-02-22 08:16:18 0 d-------- C:\Program Files\Grisoft
2007-02-13 11:14:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-02-13 11:04:49 0 d-------- C:\Program Files\Skype
2007-02-08 19:36:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-02-04 13:52:14 0 d-------- C:\Program Files\Shaw Secure<SHAWSE~1>
2007-02-02 16:37:37 0 d-------- C:\Program Files\Yahoo!
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zangoclient<ZANGOC~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango programs<ZANGOP~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango games<ZANGOG~1>
2007-01-17 11:00:58 232 -r-h----- C:\Program Files\winfixer_2006<WINFIX~2>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\whenu
2007-01-17 11:00:58 234 -r-h----- C:\Program Files\websnitch v3.0<WEBSNI~1.0>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\vvsdl
2007-01-17 11:00:58 238 -r-h----- C:\Program Files\mmediacodec<MMEDIA~1>
2007-01-17 11:00:58 232 -r-h----- C:\Program Files\Common Files\winsoftware<WINSOF~1>
2007-01-17 11:00:58 232 -r-h----- C:\Program Files\Common Files\winfixer 2006<WINFIX~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\Common Files\whenu
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\Common Files\ucontrol
2007-01-17 11:00:57 224 -r-h----- C:\Program Files\vvsn
2007-01-17 11:00:57 238 -r-h----- C:\Program Files\vmntoolbar<VMNTOO~1>
2007-01-17 11:00:57 232 -r-h----- C:\Program Files\ts trial<TSTRIA~1>
2007-01-17 11:00:57 232 -r-h----- C:\Program Files\topmoxie
2007-01-17 11:00:57 240 -r-h----- C:\Program Files\surfsidekick<SURFSI~1>
2007-01-17 11:00:57 240 -r-h----- C:\Program Files\surfsidekick 2<SURFSI~2>
2007-01-17 11:00:57 232 -r-h----- C:\Program Files\netmeting<NETMET~1>
2007-01-17 11:00:57 222 -r-h----- C:\Program Files\hpdll
2007-01-17 11:00:56 242 -r-h----- C:\Program Files\spywarestrike<SPYWAR~4>
2007-01-17 11:00:56 246 -r-h----- C:\Program Files\spyware stormer<SPYWAR~3>
2007-01-17 11:00:56 234 -r-h----- C:\Program Files\softomate<SOFTOM~1>
2007-01-17 11:00:56 228 -r-h----- C:\Program Files\seekmo
2007-01-17 11:00:56 234 -r-h----- C:\Program Files\searchnet<SEARCH~2>
2007-01-17 11:00:56 236 -r-h----- C:\Program Files\screenview<SCREEN~1>
2007-01-17 11:00:56 230 -r-h----- C:\Program Files\savenow
2007-01-17 11:00:56 250 -r-h----- C:\Program Files\relevantknowledge<RELEVA~1>
2007-01-17 11:00:56 234 -r-h----- C:\Program Files\rax search helper<RAXSEA~1>
2007-01-17 11:00:56 226 -r-h----- C:\Program Files\p4p
2007-01-17 11:00:56 234 -r-h----- C:\Program Files\ietoolbar<IETOOL~1>
2007-01-17 11:00:56 230 -r-h----- C:\Program Files\ezthemes_whenusavenow_installer<EZTHEM~1>
2007-01-17 11:00:56 242 -r-h----- C:\Program Files\dynamic toolbar<DYNAMI~1>
2007-01-17 11:00:56 226 -r-h----- C:\Program Files\Common Files\sogou pxp<SOGOUP~1>
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\startup mechanic<STARTU~1>
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\need2find<NEED2F~1>
2007-01-17 11:00:55 226 -r-h----- C:\Program Files\ncase
2007-01-17 11:00:55 232 -r-h----- C:\Program Files\navexcel
2007-01-17 11:00:55 232 -r-h----- C:\Program Files\navexcel search toolbar<NAVEXC~1>
2007-01-17 11:00:55 238 -r-h----- C:\Program Files\mywebsearch<MYWEBS~1>
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\ddr
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\arcade!
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\support software<SUPPOR~1>
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\network essentials<NETWOR~1>
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\medialoads<MEDIAL~1>
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\medialoads enhanced<MEDIAL~2>
2007-01-17 11:00:53 242 -r-h----- C:\Program Files\media gateway<MEDIAG~1>
2007-01-17 11:00:53 232 -r-h----- C:\Program Files\md
2007-01-17 11:00:53 228 -r-h----- C:\Program Files\lstsvc
2007-01-17 11:00:53 244 -r-h----- C:\Program Files\kuaiso toolsbar<KUAISO~1>
2007-01-17 11:00:53 242 -r-h----- C:\Program Files\kgb keylogger<KGBKEY~1>
2007-01-17 11:00:53 266 -r-h----- C:\Program Files\invisible secrets toolbar<INVISI~1>
2007-01-17 11:00:53 240 -r-h----- C:\Program Files\instant buzz<INSTAN~2>
2007-01-17 11:00:53 258 -r-h----- C:\Program Files\instant access<INSTAN~1>
2007-01-17 11:00:53 242 -r-h----- C:\Program Files\exploreanywhere<EXPLOR~1>
2007-01-17 11:00:53 232 -r-h----- C:\Program Files\Common Files\wqzq
2007-01-17 11:00:53 234 -r-h----- C:\Program Files\Common Files\updmgr
2007-01-17 11:00:53 234 -r-h----- C:\Program Files\Common Files\updater
2007-01-17 11:00:53 234 -r-h----- C:\Program Files\Common Files\keenvalue<KEENVA~1>
2007-01-17 11:00:52 228 -r-h----- C:\Program Files\system soap pro<SYSTEM~1>
2007-01-17 11:00:52 230 -r-h----- C:\Program Files\search toolbar<SEARCH~1>
2007-01-17 11:00:52 228 -r-h----- C:\Program Files\httper
2007-01-17 11:00:52 244 -r-h----- C:\Program Files\homekeylogger<HOMEKE~1>
2007-01-17 11:00:52 228 -r-h----- C:\Program Files\hbtools
2007-01-17 11:00:52 228 -r-h----- C:\Program Files\hbinst
2007-01-17 11:00:52 230 -r-h----- C:\Program Files\Common Files\wintools
2007-01-17 11:00:52 230 -r-h----- C:\Program Files\Common Files\msiets
2007-01-17 11:00:52 230 -r-h----- C:\Program Files\Common Files\btlink
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\xmod
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\xml
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\vcom
2007-01-17 11:00:51 246 -r-h----- C:\Program Files\sync manager demo<SYNCMA~1>
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\scom
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\reg2
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\pvm
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\primesoft<PRIMES~1>
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\paymentone<PAYMEN~1>
2007-01-17 11:00:51 252 -r-h----- C:\Program Files\gsr
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\gsoft
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\gmsoft
2007-01-17 11:00:51 240 -r-h----- C:\Program Files\globaldialer<GLOBAL~1>
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\ftk
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\flt
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fln
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\flcp
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fla
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\filesubmit<FILESU~1>
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fen
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fastseeker<FASTSE~1>
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\dialers
2007-01-17 11:00:50 260 -r-h----- C:\Program Files\webrebates<WEBREB~1>
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\real-tens<REAL-T~1>
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\popcorn.net
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\movienetworks<MOVIEN~1>
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\mlh
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\medch
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\kfh
2007-01-17 11:00:50 226 -r-h----- C:\Program Files\ezurl
2007-01-17 11:00:50 248 -r-h----- C:\Program Files\exact
2007-01-17 11:00:50 228 -r-h----- C:\Program Files\e2give
2007-01-17 11:00:50 228 -r-h----- C:\Program Files\e2g
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\downloadware<DOWNLO~2>
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\downloadware engine<DOWNLO~1>
2007-01-17 11:00:50 236 -r-h----- C:\Program Files\dealhelper<DEALHE~1>
2007-01-17 11:00:50 236 -r-h----- C:\Program Files\dealhelper.com inc<DEALHE~1.COM>
2007-01-17 11:00:50 234 -r-h----- C:\Program Files\dateregon<DATERE~1>
2007-01-17 11:00:50 238 -r-h----- C:\Program Files\date manager<DATEMA~1>
2007-01-17 11:00:50 228 -r-h----- C:\Program Files\data19
2007-01-17 11:00:50 234 -r-h----- C:\Program Files\comsoft
2007-01-17 11:00:50 248 -r-h----- C:\Program Files\Common Files\eacceleration<EACCEL~1>
2007-01-17 11:00:48 234 -r-h----- C:\Program Files\windowssa<WINDOW~4>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\tvs
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\rvp
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\lycos
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\letssearch<LETSSE~1>
2007-01-17 11:00:48 228 -r-h----- C:\Program Files\gator.com
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\csbb
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\Common Files\psd tools<PSDTOO~1>
2007-01-17 11:00:48 228 -r-h----- C:\Program Files\Common Files\gmt
2007-01-17 11:00:48 228 -r-h----- C:\Program Files\Common Files\cmeii
2007-01-17 11:00:48 262 -r-h----- C:\Program Files\colej_uk design toolbar<COLEJ_~1>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\cntrc
2007-01-17 11:00:48 234 -r-h----- C:\Program Files\clipgenie<CLIPGE~1>
2007-01-17 11:00:48 234 -r-h----- C:\Program Files\clientman<CLIENT~1>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\clearsearch<CLEARS~1>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\btv
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\brp
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\browser pal<BROWSE~1>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\bpt
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\bpc_search<BPC_SE~1>
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\bonzibuddy<BONZIB~1>
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\bde
2007-01-17 11:00:47 230 -r-h----- C:\Program Files\sysal
2007-01-17 11:00:47 246 -r-h----- C:\Program Files\mediaring talk<MEDIAR~1>
2007-01-17 11:00:47 240 -r-h----- C:\Program Files\funcade
2007-01-17 11:00:47 240 -r-h----- C:\Program Files\cardcrazy<CARDCR~1>
2007-01-17 11:00:47 240 -r-h----- C:\Program Files\bargain buddy<BARGAI~1>
2007-01-17 11:00:47 230 -r-h----- C:\Program Files\backweb
2007-01-17 11:00:47 244 -r-h----- C:\Program Files\arcaderockstar<ARCADE~1>
2007-01-17 11:00:47 230 -r-h----- C:\Program Files\aproposclient<APROPO~1>
2007-01-17 11:00:47 246 -r-h----- C:\Program Files\accoona
2007-01-17 11:00:46 230 -r-h----- C:\Program Files\the guard<THEGUA~1>
2007-01-17 11:00:46 236 -r-h----- C:\Program Files\stc
2007-01-17 11:00:46 236 -r-h----- C:\Program Files\srng
2007-01-17 11:00:46 246 -r-h----- C:\Program Files\netturbotrial<NETTUR~1>
2007-01-17 11:00:46 287 -r-h----- C:\Program Files\malwaresweeper.com<MALWAR~1.COM>
2007-01-17 11:00:46 228 -r-h----- C:\Program Files\fs
2007-01-17 11:00:46 288 -r-h----- C:\Program Files\flobo spyware clean<FLOBOS~1>
2007-01-17 11:00:46 284 -r-h----- C:\Program Files\fix my registry<FIXMYR~1>
2007-01-17 11:00:46 246 -r-h----- C:\Program Files\Common Files\betterinternet<BETTER~1>
2007-01-17 11:00:46 276 -r-h----- C:\Program Files\beclean
2007-01-17 11:00:46 246 -r-h----- C:\Program Files\abetterinternet<ABETTE~1>
2007-01-17 11:00:46 230 -r-h----- C:\Program Files\2search
2007-01-14 12:01:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer<APPLEC~1>
2007-01-14 12:01:32 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-14 12:01:13 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-14 11:58:05 0 d-------- C:\Program Files\iPod
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-09 19:59:48 117092 --a------ C:\WINDOWS\hpoins11.dat
2006-12-06 22:29:34 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 07:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 07:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"VTTimer"="VTTimer.exe"
"LTMSG"="LTMSG.exe 7"
"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"F-Secure Manager"="\"C:\\Program Files\\Shaw Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Shaw Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\ispnews.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"mswspl"="C:\\Program Files\\Windows Media Player\\wmplayer.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-02-23 at 16:21:59 -------------------------
__________________
Thanks for all your help!!

Britt
rapada is offline  
Old 02-23-2007, 03:26 PM   #10 (permalink)
I helped the forums.
 
rapada's Avatar
 
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


ComboScan v20070221.16 run by Owner on 2007-02-23 at 16:20:34
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 3200+
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 511.36 MiB / 179.99 MiB
Pagefile Memory (total/avail): 1250.27 MiB / 858.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1992.48 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 147.14 GiB total, 123.63 GiB free.
D: is Fixed (FAT32) - 5.5 GiB total, 0.92 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
Z: is Network (Unformatted)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Shaw Secure 6.15 v6.15 (F-Secure Corporation)
AV: Shaw Secure 6.15 v6.15 (F-Secure Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8795
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRITTNHENRY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
ITEMID=oj-22977-3
LANG=1033
LOGONSERVER=\\BRITTNHENRY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\Program Files\Mozilla Firefox\;C:\Program Files\Outlook Express;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PYTHON22;C:\PROGRAM FILES\PC-DOCTOR FOR WINDOWS\SERVICES;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONID=1140672288376htx6060da7b85:10a47817678:-758e
SESSIONNAME=Console
SWUTVER=1.0.18.20030625
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TOOLPATH=/c:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad7377B.tmp
USERDOMAIN=BRITTNHENRY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
VERSION=2.0.481.1611
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ----------------------------------------------------------

--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
--> "C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"News Service"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
FinePixViewer Ver.4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Global Star Software Product --> C:\GStar\25k\Gview32\UNWISE.EXE C:\GStar\25k\Gview32\INSTALL.LOG
Good Keywords v1.5g --> "C:\Program Files\Softnik Technologies\Good Keywords\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 1.99.1 --> C:\Documents and Settings\Owner\My Documents\HijackThis.exe /uninstall
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
Ipswitch WS_FTP LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3A31EEE-7C65-4EE6-BB0D-5549FD2D67B9}\setup.exe" -l0x9
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Juice 2.2 --> C:\Program Files\Juice\uninst.exe
Kaspersky On-line Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft FrontPage 2002 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft FrontPage 2002 SBS Files --> C:\WINDOWS\MSPUNIN.EXE `C:\SBS\FrontPage` Microsoft FrontPage 2002 SBS Files
Microsoft Links 2001 --> "C:\Program Files\Microsoft Games\Links 2001\UNINSTAL.EXE" /runtemp /addremove
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mozilla Firefox (1.5.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.9 (en-US)"
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA Ethernet Driver --> C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Paint Shop Pro 7 Anniversary Edition --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Planescape - Torment --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Black Isle\Torment\Uninst.isu"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTax 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53337CA9-E9A4-4C59-9D1C-D980EF9BF0C2}\isetup.ex_" -l0x9 -uninst
QuickTax 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8D0BC3E-67DF-48A3-ACC9-EEAA8DBFBF29}\isetup.ex_" -l0x9 -uninst
QuickTax Tracker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8992B88E-D45E-443B-A329-2F8DC03ECB0A} anything
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shaw Secure --> C:\PROGRA~1\SHAWSE~1\Common\fsbwih.exe /uninstall
Shaw Speed Test --> C:\WINDOWS\system32\javaws.exe -uninstall "http://sr3so.cg.shawcable.net/shawrtm1.jnlp"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Taxwiz - Impôtmatique 2003 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C851202-2C1F-4797-844F-365F3DA81886}\Setup.exe" -l0x9
The Print Shop® --> C:\WINDOWS\UNINST.EXE -f"C:\THEPRI~1\THEPRI~1\DeIsL1.isu" -c"C:\THEPRI~1\THEPRI~1\psfinst.dll"
Toolbar Software --> "C:\Program Files\IETB\unins000.exe"
toolkit --> c:\Windows\HPTK\unhptkit.exe
Turbo Lister --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99CC78D1-2356-497C-84C1-F239884001EC}
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- End of ComboScan: finished at 2007-02-23 at 16:21:59 -------------------------
__________________
Thanks for all your help!!

Britt
Old 02-23-2007, 03:28 PM   #11 (permalink)
I helped the forums.
rapada
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


SmitFraudFix v2.144

Scan done at 16:28:15.18, Fri 02/23/2007
Run from C:\Documents and Settings\Owner\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\winstall.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\ads.js FOUND !
C:\WINDOWS\avpcc.dll FOUND !
C:\WINDOWS\BTGrab.dll FOUND !
C:\WINDOWS\dlmax.dll FOUND !
C:\WINDOWS\olehelp.exe FOUND !
C:\WINDOWS\Pynix.dll FOUND !
C:\WINDOWS\svchost.exe FOUND !
C:\WINDOWS\ZServ.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\anti_troj.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\dfrgsrv.exe FOUND !
C:\WINDOWS\system32\dxmpp.dll FOUND !
C:\WINDOWS\system32\ginuerep.dll FOUND !
C:\WINDOWS\system32\intmon.exe FOUND !
C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\msbe.dll FOUND !
C:\WINDOWS\system32\mscornet.exe FOUND !
C:\WINDOWS\system32\mssearchnet.exe FOUND !
C:\WINDOWS\system32\msmsgs.exe FOUND !
C:\WINDOWS\system32\MTC.dll FOUND !
C:\WINDOWS\system32\nuclabdll.dll FOUND !
C:\WINDOWS\system32\nvctrl.exe FOUND !
C:\WINDOWS\system32\nvms.dll FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\replmap.dll FOUND !
C:\WINDOWS\system32\shnlog.exe FOUND !
C:\WINDOWS\system32\twain32.dll FOUND !
C:\WINDOWS\system32\wiatwain.dll FOUND !
C:\WINDOWS\system32\zlbw.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\MMediaCodec\ FOUND !
C:\Program Files\SpyKiller\ FOUND !
C:\Program Files\SpywareStrike\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
__________________
Thanks for all your help!!

Britt
Old 02-23-2007, 08:42 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Ried
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista


Ok Britt, we have a lot to do.

Please copy this page to a Word Processor and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Downloads: Please do not run until directed to do so.


KillBox (it's important that you get version v2.0.0.175)

--------------------------------------------

AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe Save it to your desktop.

--------------------------------------------

Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix by LonnyRJones. Save it in the same folder you made earlier (c:\BFU).

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download MediaGateway.bfu. Save it in the same folder you made earlier (c:\BFU).

--------------------------------------------

Download and save VundoFix to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

Java 2 Runtime Environment, SE v1.4.2

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entry:

O3 - Toolbar: Internet-Based-Moms - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - C:\Program Files\IETB\ietoolbar.dll

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot into Normal Windows.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

----------------------------------------------------

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"


Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

----------------------------------------------------

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

----------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

----------------------------------------------------

Launch KillBox.exe.

Select/tick the following:
* Delete on Reboot
* Deltree (include subdirectories)
Click the RED X button.

Click Yes at the 'Delete on Reboot' prompt. Click NO at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C: Note--You'll have to split this list up as there are so many. I've placed a space between to set up groupings for you so no folders get overlooked in the copy/paste process.

C:\Program Files\winfixer_2006
C:\Program Files\whenu
C:\Program Files\websnitch v3.0
C:\Program Files\vvsdl
C:\Program Files\Common Files\winsoftware
C:\Program Files\Common Files\winfixer 2006
C:\Program Files\Common Files\whenu
C:\Program Files\Common Files\ucontrol
C:\Program Files\vvsn
C:\Program Files\vmntoolbar
C:\Program Files\ts trial
C:\Program Files\topmoxie
C:\Program Files\netmeting
C:\Program Files\hpdll
C:\Program Files\spyware stormer



**Repeat the above procedure for each of the following groupings**

C:\Program Files\softomate
C:\Program Files\seekmo
C:\Program Files\searchnet
C:\Program Files\screenview
C:\Program Files\savenow
C:\Program Files\relevantknowledge
C:\Program Files\rax search helper
C:\Program Files\p4p
C:\Program Files\ietoolbar
C:\Program Files\ezthemes_whenusavenow_installer
C:\Program Files\dynamic toolbar
C:\Program Files\Common Files\sogou pxp
C:\Program Files\startup mechanic
C:\Program Files\need2find
C:\Program Files\ncase


C:\Program Files\navexcel
C:\Program Files\navexcel search toolbar
C:\Program Files\mywebsearch
C:\Program Files\ddr
C:\Program Files\arcade!
C:\Program Files\support software
C:\Program Files\network essentials
C:\Program Files\md
C:\Program Files\lstsvc
C:\Program Files\kuaiso toolsbar
C:\Program Files\kgb keylogger
C:\Program Files\invisible secrets toolbar
C:\Program Files\instant buzz
C:\Program Files\instant access
C:\Program Files\exploreanywhere


C:\Program Files\Common Files\wqzq
C:\Program Files\Common Files\updmgr
C:\Program Files\Common Files\updater
C:\Program Files\Common Files\keenvalue
C:\Program Files\system soap pro
C:\Program Files\search toolbar
C:\Program Files\httper
C:\Program Files\homekeylogger
C:\Program Files\hbtools
C:\Program Files\hbinst
C:\Program Files\Common Files\wintools
C:\Program Files\Common Files\msiets
C:\Program Files\Common Files\btlink
C:\Program Files\xmod
C:\Program Files\xml


C:\Program Files\vcom
C:\Program Files\sync manager demo
C:\Program Files\scom
C:\Program Files\reg2
C:\Program Files\pvm
C:\Program Files\primesoft
C:\Program Files\paymentone
C:\Program Files\gsr
C:\Program Files\gsoft
C:\Program Files\gmsoft
C:\Program Files\globaldialer
C:\Program Files\ftk
C:\Program Files\flt
C:\Program Files\fln
C:\Program Files\flcp


C:\Program Files\fla
C:\Program Files\filesubmit
C:\Program Files\fen
C:\Program Files\fastseeker
C:\Program Files\dialers
C:\Program Files\webrebates
C:\Program Files\real-tens
C:\Program Files\popcorn.net
C:\Program Files\movienetworks
C:\Program Files\mlh
C:\Program Files\medch
C:\Program Files\kfh
C:\Program Files\ezurl
C:\Program Files\exact
C:\Program Files\e2give


C:\Program Files\e2g
C:\Program Files\downloadware
C:\Program Files\downloadware engine
C:\Program Files\dealhelper
C:\Program Files\dealhelper.com inc
C:\Program Files\dateregon
C:\Program Files\date manager
C:\Program Files\data19
C:\Program Files\comsoft
C:\Program Files\Common Files\eacceleration
C:\Program Files\windowssa
C:\Program Files\tvs
C:\Program Files\rvp
C:\Program Files\lycos
C:\Program Files\letssearch


C:\Program Files\gator.com
C:\Program Files\csbb
C:\Program Files\Common Files\psd tools
C:\Program Files\Common Files\gmt
C:\Program Files\Common Files\cmeii
C:\Program Files\colej_uk design toolbar
C:\Program Files\cntrc
C:\Program Files\clipgenie
C:\Program Files\clientman
C:\Program Files\clearsearch
C:\Program Files\btv
C:\Program Files\brp
C:\Program Files\browser pal
C:\Program Files\bpt
C:\Program Files\bpc_search


C:\Program Files\bonzibuddy
C:\Program Files\bde
C:\Program Files\sysal
C:\Program Files\mediaring talk
C:\Program Files\funcade
C:\Program Files\cardcrazy
C:\Program Files\bargain buddy
C:\Program Files\backweb
C:\Program Files\arcaderockstar
C:\Program Files\aproposclient
C:\Program Files\accoona
C:\Program Files\the guard
C:\Program Files\stc
C:\Program Files\srng
C:\Program Files\netturbotrial


C:\Program Files\malwaresweeper.com
C:\Program Files\fs
C:\Program Files\flobo spyware clean
C:\Program Files\fix my registry
C:\Program Files\Common Files\betterinternet
C:\Program Files\beclean
C:\Program Files\abetterinternet
C:\Program Files\2search
C:\Program Files\IETB


----------------------------------------------------

Double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

----------------------------------------------------

Now, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Beside the scriptline to execute field click the folder icon and select mediagateway.bfu by double clicking on it.
  • Press Execute and let it do its job. (You ought to see a blue progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.

----------------------------------------------------

Now, within the BFU folder, double-click on sidekickFix.bat. Click YES and follow the prompts, when prompted to restart the PC please do so.

----------------------------------------------------

Run another online scan at Panda and save the results.

----------------------------------------------------

Run ComboScan.exe once again.

----------------------------------------------------

Please include the following in your next reply:

C:\vundofix.txt
C:\rapport.txt
log.txt (located in the AproposFix folder)
Actions History Log (Open Killbox>file>logs>Actions History Log)
Panda results
ComboScan.txt (no need for the Supplementary.txt)
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 02-23-2007 at 09:03 PM.
Old 02-24-2007, 07:30 AM   #13 (permalink)
I helped the forums.
rapada
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


Hi Ried,

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix by LonnyRJones. Save it in the same folder you made earlier (c:\BFU).

I am unable to download this file.. can I get it somewhere else?
__________________
Thanks for all your help!!

Britt
Old 02-24-2007, 08:39 AM   #14 (permalink)
I helped the forums.
rapada
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


I went ahead to do this part...
Quote:
Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot into Normal Windows.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
but I was prompted by a bunch of questions to remove the files.. do I say yes to all of them?
__________________
Thanks for all your help!!

Britt
Old 02-24-2007, 10:45 AM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Ried
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista


We'll take care of SurfSidekick in the next round--let's get rid of the bulk first.

Answer Yes to any prompts by the SmitfraudFix--we want it to clean.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-24-2007, 10:53 AM   #16 (permalink)
I helped the forums.
rapada
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


Ok will do. :) I'll do that right now ;)

TIA :D
__________________
Thanks for all your help!!

Britt
Old 02-24-2007, 11:10 AM   #17 (permalink)
I helped the forums.
rapada
Join Date: Nov 2005
Location: Canada
Posts: 134
OS: WinXP


Ok I got to this part..

Launch KillBox.exe.

Select/tick the following:
* Delete on Reboot
* Deltree (include subdirectories)
Click the RED X button.


Is this supposed to be done in safe mode? It won't allow me to select Deltree and it asks me which file to select?
__________________
Thanks for all your help!!

Britt
Old 02-24-2007, 11:34 AM   #18 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Ried
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista


Yes, you should still be in Safe Mode.

Normally there aren't this many folders to delete on a system--so in trying to make it 'work' for you using Killbox, my instructions are a bit lacking.

What you're going to do is work with a group of folders at a time, by doing the following for each grouping:

Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:

Go to the File menu, and choose Paste from Clipboard
* Click on the dropdown menu next to the Full Path of File to Delete field.
* Verify that the filenames you pasted are found there.

Then Select/tick the following:
* Delete on Reboot
* Deltree (include subdirectories)
Click the RED X button.

Click Yes at the 'Delete on Reboot' prompt. Click No at the Pending Operations prompt.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
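A pre-flight check for the folder list before it is pasted into Killbox with Deltree ticked, as an added example that is not part of the original post or of Killbox: it rejects entries that are relative, resolve outside `C:\Program Files`, point at a shared parent folder, or repeat. The allowed root, the function names and the sample list are assumptions made for this example.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumptions (not from the thread): default English XP layout, and only
# subfolders of Program Files are acceptable targets for a recursive delete.
ALLOWED_ROOT = r"c:\program files"
PROTECTED = {ALLOWED_ROOT, ALLOWED_ROOT + r"\common files"}


def normalise(line):
    """Strip quotes/whitespace, resolve '.' and '..', fold case."""
    return ntpath.normcase(ntpath.normpath(line.strip().strip('"')))


def review_targets(text):
    """Split a pasted folder list into (accepted, rejected-with-reason)."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        if not raw.strip():
            continue
        path = normalise(raw)
        drive, rest = ntpath.splitdrive(path)
        if not drive or not rest.startswith("\\"):
            reason = "not an absolute path"
        elif path in PROTECTED:
            reason = "shared parent folder"
        elif not path.startswith(ALLOWED_ROOT + "\\"):
            reason = "outside Program Files"
        elif path in seen:
            reason = "duplicate entry"
        else:
            seen.add(path)
            accepted.append(path)
            continue
        rejected.append((raw.strip(), reason))
    return accepted, rejected


# Constructed sample list: two plausible targets plus entries that must fail.
SAMPLE = r"""
C:\Program Files\whenu
C:\Program Files\clipgenie
C:\Program Files\clipgenie
C:\Program Files\Common Files
C:\Program Files\whenu\..
C:\WINDOWS\system32
whenu
"""

if __name__ == "__main__":
    ok, bad = review_targets(SAMPLE)
    print("accepted:", *ok, sep="\n  ")
    print("rejected:", *(f"{p}  ({why})" for p, why in bad), sep="\n  ")
```

Only the accepted entries should go to the clipboard; anything rejected is worth a second look by the helper before a recursive delete is queued.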
Old 02-24-2007, 12:20 PM   #19 (permalink)
I helped the forums.
 
rapada's Avatar
 


Ok.. now my wrist hurts. LOL

killbox log

__________________
Thanks for all your help!!

Britt
rapada is offline  
Old 02-24-2007, 12:20 PM   #20 (permalink)
I helped the forums.
 
rapada's Avatar
 


Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Owner\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!
__________________
Thanks for all your help!!

Britt
rapada is offline  
All times are GMT -7. The time now is 01:43 AM.



Copyright 2001 - 2009, Tech Support Forum